[TYPO3-Solr] Solr query.allowedSites
Jigal van Hemert
jigal.van.hemert at typo3.org
Sun May 5 18:36:24 CEST 2013
Hi,
On 5-5-2013 18:01, Kay Strobach wrote:
> The site hash is the blocker -> see my patch :D
Are your domains in the same TYPO3 installation or on different servers?
In the same installation it works out of the box. For different servers
I think you need to use the same encryptionKey setting in the Install
Tool. Not sure if that is a bad thing security wise...
For external indexers there is an API function to get the site hash of a
certain domain:
index.php?eID=tx_solr_api&api=siteHash&apiKey=<api_key>&domain=<domain>
<api_key> can be found in the Search backend module of the installation
you send the request to.
The Nutch plugin (ask Olivier for details if you need it) uses this to
get the site hash for the domain it's crawling.
In the patch you completely bypass the sitehash mechanism. It is there
to be able to use the same core for different installations which should
not be able to access the records of the other installations. Even if an
installation has multiple domains the sitehashes are only valid for that
installation (because of different encryptionKey's).
Maybe it's an option to have an encryptionKey setting in the EM settings
for EXT:solr and if that is set it will override the TYPO3
encryptionKey. That way you could easily use the same key in a group of
installations to calculate the same sitehashes.
If you leave it empty the unique TYPO3 encryptionKey will be used and
installations can't access other installations' index on the solr server.
What do you think?
--
Jigal van Hemert
TYPO3 CMS Core Team member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-project-solr
mailing list